August 2018 - Celadon

[CELADON] Grub build image Issue Notification

by Balan, Swaroop

Hello All, Currently GRUB Enabled Build has issue . Please use Kernel Flinger Based Build Wiki : https://github.com/projectceladon/manifest/wiki I will notify once the grub build works on celadon . Regards, Swaroop Balan Android SI and Sysdebug Team (AOSE)

1 year, 9 months

5
5
0 / 0

Need to install efitools package

by Tan, Ming

Dear all: In order to compile the Celadon, now need to install the efitools package. In Ubuntu, run the following command to install the efitools package: $ sudo apt-get install efitools. If the efitools package is not installed, you will get the following error: FAILED: out/target/product/cel_apl/bootloader_policy-oemvars.txt /bin/bash -c "device/intel/build/generate_blpolicy_oemvars -K device/intel/build/testkeys/odm -O device/intel/build/testkeys/OAK.x509.pem -B 0x0 out/target/product/cel_apl/bootloader_policy-oemvars.txt" WARNING: can't open config file: /system/lib64/ssl/openssl.cnf WARNING: can't open config file: /system/lib64/ssl/openssl.cnf Traceback (most recent call last): File "device/intel/build/generate_blpolicy_oemvars", line 261, in <module> main(sys.argv[1:]) File "device/intel/build/generate_blpolicy_oemvars", line 229, in main password, guid, "OAK", m.digest()) File "device/intel/build/generate_blpolicy_oemvars", line 144, in get_auth_data name, payload_fname, auth_fname], None) File "device/intel/build/generate_blpolicy_oemvars", line 73, in run p = subprocess.Popen(args, stdin=subprocess.PIPE, stdout=subprocess.PIPE) File "/usr/lib/python2.7/subprocess.py", line 710, in __init__ errread, errwrite) File "/usr/lib/python2.7/subprocess.py", line 1327, in _execute_child raise child_exception OSError: [Errno 2] No such file or directory BR/Tan Ming. Software Engineer, SSG/OTC. Mobile: +86 13651977713.

1 year, 9 months

1
0
0 / 0

informations about celadon

by Carlo Sindico

Hi, I'm interesting about celadon project because i i would install android on intel NUC. I'm notice that the repository that contains the image files has been deleted. May i have more informations about this? Best Reguards, Carlo

1 year, 9 months

2
1
0 / 0

Re: [01.org Celadon] [CELADON] Binary is removed from GitHub

by Balan, Swaroop

Hello All, Please stay tuned for more detailed updates which will be announced shortly :) Regards, Swaroop Balan From: Balan, Swaroop Sent: Wednesday, August 29, 2018 11:41 AM To: 'celadon(a)lists.01.org' <celadon(a)lists.01.org> Subject: [CELADON] Binary is removed from GitHub Hello All, Celadon Binary is removed from GitHub . https://github.com/projectceladon/celadon-binary Regards, Swaroop Balan

1 year, 9 months

1
0
0 / 0

[CELADON] Binary is removed from GitHub

by Balan, Swaroop

Hello All, Celadon Binary is removed from GitHub . https://github.com/projectceladon/celadon-binary Regards, Swaroop Balan

1 year, 9 months

2
1
0 / 0

Recall: [CELADON] Binary is removed from GitHub

by Balan, Swaroop

Balan, Swaroop would like to recall the message, "[CELADON] Binary is removed from GitHub ".

1 year, 9 months

1
0
0 / 0

Recall: [CELADON] Binary is removed from GitHub

by Balan, Swaroop

Balan, Swaroop would like to recall the message, "[CELADON] Binary is removed from GitHub ".

1 year, 9 months

1
0
0 / 0

Re: [01.org Celadon] SGX support

by Mehmood, Arshad

Hi Roger, The Trusty implementation in Celadon is missing HW backed storage support which could prevent users to productize their BSPs due to reduced security. Google will not issue GMS compliance due to lack of HW backed storage. Currently, a hard coded seed value is given to Trusty at boot time which in end products is expected to be dynamic and attached to a particular hardware instance. It would be very helpful if a HW backed storage reference implementation (seed value extraction from CSE/TPM or any other medium) is also included into Celadon. This will make end product creation easier using Celadon. Regards, Arshad -----Original Message----- From: Feng, Roger [mailto:roger.feng at intel.com <mailto:celadon%40lists.01.org?Subject=Re%3A%20%5B01.org%20Celadon%5D%20SGX%20support&In-Reply-To=%3C32395DC3CB351A41B32D74B55F97D51156CE7A24%40SHSMSX104.ccr.corp.intel.com%3E> ] Sent: Friday, August 24, 2018 8:32 AM To: Stone Shi <stonexp(a)gmail.com<mailto:stonexp@gmail.com>> Cc: celadon at lists.01.org<https://lists.01.org/mailman/listinfo/celadon> Subject: Re: [01.org Celadon] SGX support Hi Stone, Trusty for x86 (namely Trusty-IA) is supported and you can find the open source below. We upstream the code to Google Trusty in parallel. https://01.org/trusty-ia https://github.com/trusty-ia/manifest/wiki Trusty-IA fully complies with Google Trusty. Trusty overview and API reference from Google is a good start. https://source.android.com/security/trusty/ https://source.android.com/security/trusty/trusty-ref The sample TAs are good "hello world" examples https://github.com/trusty-ia/trusty_app_sample Trusty supports Celadon project and provides the services including keymaster, emulated secure storage, crytpo and others. You may start your POC there. https://github.com/projectceladon/manifest/wiki If you have further questions on Trusty, feel free to contact me or zachary.zou at intel.com<https://lists.01.org/mailman/listinfo/celadon> directly. thanks, Roger -----Original Message----- From: Stone Shi [mailto:stonexp at gmail.com<https://lists.01.org/mailman/listinfo/celadon>] Sent: Friday, August 24, 2018 4:39 AM To: Feng, Roger <roger.feng at intel.com<https://lists.01.org/mailman/listinfo/celadon>> Cc: celadon at lists.01.org<https://lists.01.org/mailman/listinfo/celadon> Subject: Re: [01.org Celadon] SGX support Hi Roger, I am working as independent consultant. One of clients like to know whether thats possible for a POC. Windows 10 has license cost, I am not familiar with linux GUI application so Android seemed pretty good option. As I guessed, if SGX option is not there for Android, porting will be big work. Would you please share more information about TEE? Isn't that part of ARM not intel CPU? Yes, I am interested in Trusty, please share more information. Thank you very much. Stone > On Aug 22, 2018, at 10:30 PM, Feng, Roger <roger.feng at intel.com<https://lists.01.org/mailman/listinfo/celadon>> wrote: > > Hi Stone, > > Good to know you are developing secure payment with SGX. > Do you mind telling us what company are you working for and what's the business for this prototype? It helps us to evaluate the importance of SGX for Android support. > > SGX currently supports Windows & Linux. SGX for Android support is still on the way. > You can find the SGX open source resources for Linux here https://github.com/intel/linux-sgx. > > As you know, SGX consists of Intel(R) SGX driver, the Intel(R) SGX SDK, and the Intel(R) SGX Platform Software (PSW). > To support Android, these components must be ported accordingly. SGX driver and PSW are quite straightforward to port for Android. > The key work is the SDK porting which is not a trivial task and I believe it is challenging for an end user who is not very familiar with it. > > Alternatively, before the SGX for Android support is available, is it possible to leverage other features or techniques to implement your POC? For Celadon, we have Trusty, a trusted execution environment (TEE), which provides the secure isolated space to run secure payment services, the secure storage with replay protection, keymaster servicer for key management. If you are interested in Trusty, we can provide you more info. > > Thanks, > Roger > > -----Original Message----- > From: Stone Shi [mailto:stonexp at gmail.com<https://lists.01.org/mailman/listinfo/celadon>] > Sent: Wednesday, August 22, 2018 1:14 AM > To: Feng, Roger <roger.feng at intel.com<https://lists.01.org/mailman/listinfo/celadon>> > Cc: celadon at lists.01.org<https://lists.01.org/mailman/listinfo/celadon> > Subject: Re: [01.org Celadon] SGX support > > Thank you for getting back to me. I am looking for some prototype to protect sensitive information inside payment related application. Ideally, application has signed part of enclave and can be remotely attested. Server can push key into application and application can store all sensitive information encrypted. > > > > Stone > >> On Aug 20, 2018, at 9:31 PM, Feng, Roger <roger.feng at intel.com<https://lists.01.org/mailman/listinfo/celadon>> wrote: >> >> Hi Stone, >> One more thing, would you tell us what you would like to use SGX for? Then we can discuss further on your request for future. >> >> Thanks, >> Roger >> >> -----Original Message----- >> From: Celadon [mailto:celadon-bounces at lists.01.org<https://lists.01.org/mailman/listinfo/celadon>] On Behalf Of Feng, Roger >> Sent: Monday, August 20, 2018 1:47 PM >> To: Zhang, Yanmin <yanmin.zhang at intel.com<https://lists.01.org/mailman/listinfo/celadon>>; Stone Shi <stonexp at gmail.com<https://lists.01.org/mailman/listinfo/celadon>>; celadon at lists.01.org<https://lists.01.org/mailman/listinfo/celadon> >> Subject: Re: [01.org Celadon] SGX support >> >> Hi Stone, >> By now there is no plan to support SGX for Android. Hope it clarifies. >> >> Thanks, >> Roger >> >> -----Original Message----- >> From: Zhang, Yanmin >> Sent: Monday, August 20, 2018 11:45 AM >> To: Stone Shi <stonexp at gmail.com<https://lists.01.org/mailman/listinfo/celadon>>; celadon at lists.01.org<https://lists.01.org/mailman/listinfo/celadon> >> Cc: Feng, Roger <roger.feng at intel.com<https://lists.01.org/mailman/listinfo/celadon>> >> Subject: RE: [01.org Celadon] SGX support >> >> +Roger. >> >>> -----Original Message----- >>> From: Celadon [mailto:celadon-bounces at lists.01.org<https://lists.01.org/mailman/listinfo/celadon>] On Behalf Of Stone Shi >>> Sent: Monday, August 20, 2018 7:51 AM >>> To: celadon at lists.01.org<https://lists.01.org/mailman/listinfo/celadon> >>> Subject: [01.org Celadon] SGX support >>> >>> Hi, >>> >>> I wonder is it possible to support SGX in Celadon project? What needs be done? >>> >>> >>> Stone >> -- >> Celadon mailing list >> Celadon at lists.01.org<https://lists.01.org/mailman/listinfo/celadon> >> https://lists.01.org/mailman/listinfo/celadon >

1 year, 9 months

2
1
0 / 0

SGX support

by Stone Shi

Hi, I wonder is it possible to support SGX in Celadon project? What needs be done? Stone

1 year, 9 months

4
9
0 / 0

[CELADON GITHUB] Notification on enabling Art extension and Trusty

by Balan, Swaroop

Hello All, Art-extension and Trusty is now enabled on GITHUB CELADON (master branch) Regards, Swaroop Balan

1 year, 9 months

1
0
0 / 0

2020

2019

2018

Celadon August 2018